Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/223883?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/223883?format=api", "vulnerability_id": "VCID-sbe1-cx8r-aba1", "summary": "On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions.\n\nIf you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user.\n\nThis issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.", "aliases": [ { "alias": "CVE-2024-4030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/936924?format=api", "purl": "pkg:deb/debian/python2.7@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python2.7@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936923?format=api", "purl": "pkg:deb/debian/python2.7@2.7.18-8%2Bdeb11u1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python2.7@2.7.18-8%252Bdeb11u1%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936960?format=api", "purl": "pkg:deb/debian/python3.11@0?distro=bookworm", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.11@0%3Fdistro=bookworm" }, { "url": "http://public2.vulnerablecode.io/api/packages/936953?format=api", "purl": "pkg:deb/debian/python3.11@3.11.2-6%2Bdeb12u6?distro=bookworm", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.11@3.11.2-6%252Bdeb12u6%3Fdistro=bookworm" }, { "url": "http://public2.vulnerablecode.io/api/packages/936985?format=api", "purl": "pkg:deb/debian/python3.9@0?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@0%3Fdistro=bullseye" }, { "url": "http://public2.vulnerablecode.io/api/packages/936982?format=api", "purl": "pkg:deb/debian/python3.9@3.9.2-1?distro=bullseye", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/python3.9@3.9.2-1%3Fdistro=bullseye" } ], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06916", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07193", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07165", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07152", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06723", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0677", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0717", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07082", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06756", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06846", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0685", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06844", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06838", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0678", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06772", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06931", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06895", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06923", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.069", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-4030" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/python/cpython/issues/118486", "reference_id": "118486", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/issues/118486" }, { "reference_url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a", "reference_id": "35c799d79177b962ddace2fa068101465570a29a", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/35c799d79177b962ddace2fa068101465570a29a" }, { "reference_url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd", "reference_id": "5130731c9e779b97d00a24f54cdce73ce9975dfd", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/5130731c9e779b97d00a24f54cdce73ce9975dfd" }, { "reference_url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee", "reference_id": "66f8bb76a15e64a1bb7688b177ed29e26230fdee", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/66f8bb76a15e64a1bb7688b177ed29e26230fdee" }, { "reference_url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e", "reference_id": "6d0850c4c8188035643586ab4d8ec2468abd699e", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/6d0850c4c8188035643586ab4d8ec2468abd699e" }, { "reference_url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e", "reference_id": "81939dad77001556c527485d31a2d0f4a759033e", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/81939dad77001556c527485d31a2d0f4a759033e" }, { "reference_url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d", "reference_id": "8ed546679524140d8282175411fd141fe7df070d", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/8ed546679524140d8282175411fd141fe7df070d" }, { "reference_url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee", "reference_id": "91e3669e01245185569d09e9e6e11641282971ee", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/91e3669e01245185569d09e9e6e11641282971ee" }, { "reference_url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca", "reference_id": "94591dca510c796c7d40e9b4167ea56f2fdf28ca", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/94591dca510c796c7d40e9b4167ea56f2fdf28ca" }, { "reference_url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d", "reference_id": "c8f868dc52f98011d0f9b459b6487920bfb0ac4d", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/c8f868dc52f98011d0f9b459b6487920bfb0ac4d" }, { "reference_url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84", "reference_id": "d86b49411753bf2c83291e3a14ae43fefded2f84", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/d86b49411753bf2c83291e3a14ae43fefded2f84" }, { "reference_url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763", "reference_id": "e1dfa978b1ad210d551385ad8073ec6154f53763", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/e1dfa978b1ad210d551385ad8073ec6154f53763" }, { "reference_url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46", "reference_id": "eb29e2f5905da93333d1ce78bc98b151e763ff46", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://github.com/python/cpython/commit/eb29e2f5905da93333d1ce78bc98b151e763ff46" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240705-0005/", "reference_id": "ntap-20240705-0005", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240705-0005/" }, { "reference_url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/", "reference_id": "PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-08T15:32:37Z/" } ], "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PRGS5OR3N3PNPT4BMV2VAGN5GMUI5636/" } ], "weaknesses": [ { "cwe_id": 276, "name": "Incorrect Default Permissions", "description": "During installation, installed file permissions are set to allow anyone to modify those files." } ], "exploits": [], "severity_range_score": "4.4 - 7.1", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbe1-cx8r-aba1" }